I’ve been monitoring Wi-Fi traffic on my network. I’ve seen a large amount sent up by one device, which was reported as starting with BR70188B (MAC address 70:18:8b) with manufacturer HonHaiPr.
HonHaiPr is Hon Hai Precision Industry, which makes network devices. The one in question (with the name BRW70188Bxxyyzz) was from a Brother MFC-650DW that is on the network.
Now that I’ve identified the printer, what to do about it? It was spewing lots of uploaded data - perhaps just to the clients that printed from it, but I’m perhaps a little paranoid. (It seems strange that it’s uploading almost as much as gets downloaded to the printer, though.) So I decided to knock it off the Internet to see what happened.
First, I gave it a static IP address in my dhcpd.conf:
host mfc650dw {
    hardware ethernet 70:18:8B:xx:yy:zz;
    fixed-address 192.168.1.253;
    option host-name "mfc650dw";
}
Next, I updated it in DNS (db and db.rev files) just ’cause now that it’s static it’s handy to have a name to deal with.
Finally, I added a rule to my pf.conf:
block out log quick from 192.168.1.253/32 to ! 192.168.1/24
Now if the printer’s trying to send data up to the Internet, it’s not going to make it through the firewall.
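Because the rule carries the log keyword, every packet it drops is recorded by pf, which shows where the printer was trying to send. The script below is an added example, not part of the original post: it tallies blocked destinations for the printer's address. The tcpdump invocation and log path in its comments are assumptions, and the sample lines are constructed.

```shell
#!/bin/sh
# Added example (not from the original post): summarise what the "log"
# keyword in the block rule recorded for the printer.
# Assumption: on the firewall the text comes from something like
#   tcpdump -n -e -ttt -r /var/log/pflog
# and looks like the constructed lines below; layout and path vary by OS.

PRINTER_IP="192.168.1.253"   # fixed-address from the dhcpd.conf entry

# Constructed sample input (documentation addresses, made-up rule numbers).
sample_pflog() {
cat <<'EOF'
Mar 01 10:00:01.000001 rule 3/(match) block out on em0: 192.168.1.253.49152 > 203.0.113.10.443: S 1:1(0) win 8192
Mar 01 10:00:04.000001 rule 3/(match) block out on em0: 192.168.1.253.49152 > 203.0.113.10.443: S 1:1(0) win 8192
Mar 01 10:00:09.000001 rule 3/(match) block out on em0: 192.168.1.253.49153 > 198.51.100.7.80: S 5:5(0) win 8192
Mar 01 10:00:10.000001 rule 3/(match) block out on em0: 192.168.1.50.50000 > 198.51.100.7.80: S 9:9(0) win 8192
Mar 01 10:00:11.000001 rule 3/(match) block out on em0: 192.168.1.253 > 198.51.100.7: icmp: echo request
Mar 01 10:00:12.000001 rule 1/(match) pass out on em0: 192.168.1.253.49160 > 192.168.1.10.9100: S 1:1(0) win 8192
EOF
}

# summarize_blocked IP: read log lines on stdin and print
# "count dst_addr dst_port" for blocked packets sent by IP, busiest first.
summarize_blocked() {
    awk -v src="$1" '
    # IPv4 endpoints are printed as a.b.c.d.port, or a.b.c.d when portless.
    function addr(x,   p) { split(x, p, "."); return p[1] "." p[2] "." p[3] "." p[4] }
    function port(x,   p) { return (split(x, p, ".") >= 5) ? p[5] : "-" }
    / block / {
        for (i = 2; i < NF; i++) {
            if ($i != ">") continue          # locate "src > dst:"
            dst = $(i + 1)
            sub(/:$/, "", dst)               # drop the trailing colon
            if (addr($(i - 1)) == src)       # only the printer as sender
                seen[addr(dst) " " port(dst)]++
            break
        }
    }
    END { for (k in seen) print seen[k], k }' | LC_ALL=C sort -k1,1nr -k2
}

sample_pflog | summarize_blocked "$PRINTER_IP"
```

On the firewall itself, pipe the real tcpdump output into summarize_blocked in place of sample_pflog.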
After I did all this, the printer wouldn’t work - Brother apparently stores the IP address but doesn’t refresh if it can’t find it. So I needed to download the Brother Network Connection Repair Tool to tell the Windows printer driver to look for the printer again. Sheesh.